[openssl] openssl-3.0 update

tomas at openssl.org tomas at openssl.org
Tue Dec 7 10:27:49 UTC 2021 

The branch openssl-3.0 has been updated
       via  c9225ed5276fd622ac2eeda671e8d3576e1f1652 (commit)
       via  f48b5b11e8e3889ae636f9d1d3a800f48be1be90 (commit)
       via  7afec59c66a8028c1cd3b533035927bb8ff4c317 (commit)
      from  c416b09e36ad505727601f79420156d86af6deed (commit)


- Log -----------------------------------------------------------------
commit c9225ed5276fd622ac2eeda671e8d3576e1f1652
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Fri Dec 3 11:34:23 2021 +0100

    OSSL_HTTP_open(): clarify doc of 'server' arg and its use of BIO_new_connect()
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17186)
    
    (cherry picked from commit 119f8145c3bde29aae5d5b18c44d1663df975ef5)

commit f48b5b11e8e3889ae636f9d1d3a800f48be1be90
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Wed Dec 1 08:01:31 2021 +0100

    OSSL_HTTP_open(): Complete documentation of checks for server and proxy args
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17186)
    
    (cherry picked from commit 59b6b5a94f5a5f756aa323d1fb061697ca9eadf8)

commit 7afec59c66a8028c1cd3b533035927bb8ff4c317
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Tue Nov 30 20:06:09 2021 +0100

    OSSL_HTTP_set1_request(): Fix check for presence of port option and its documentation
    
    For HTTP (not HTTPS) with proxy, server must be given, port is optional
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17186)
    
    (cherry picked from commit 266383b44c4ebce5ddf551547e73ab6eec47805b)

-----------------------------------------------------------------------

Summary of changes:
 crypto/http/http_client.c       |  2 +-
 doc/man3/OSSL_HTTP_transfer.pod | 13 +++++++++----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index 6a8149ba59..23677ca12f 100644
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -971,7 +971,7 @@ int OSSL_HTTP_set1_request(OSSL_HTTP_REQ_CTX *rctx, const char *path,
         return 0;
     }
     use_http_proxy = rctx->proxy != NULL && !rctx->use_ssl;
-    if (use_http_proxy && (rctx->server == NULL || rctx->port == NULL)) {
+    if (use_http_proxy && rctx->server == NULL) {
         ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT);
         return 0;
     }
diff --git a/doc/man3/OSSL_HTTP_transfer.pod b/doc/man3/OSSL_HTTP_transfer.pod
index 2aef3a5347..7fcd71dbe0 100644
--- a/doc/man3/OSSL_HTTP_transfer.pod
+++ b/doc/man3/OSSL_HTTP_transfer.pod
@@ -56,9 +56,10 @@ OSSL_HTTP_open() initiates an HTTP session using the I<bio> argument if not
 NULL, else by connecting to a given I<server> optionally via a I<proxy>.
 
 Typically the OpenSSL build supports sockets and the I<bio> parameter is NULL.
-In this case I<rbio> must be NULL as well, and the
-library creates a network BIO internally for connecting to the given I<server>
-at the specified I<port> if any, defaulting to 80 for HTTP or 443 for HTTPS.
+In this case I<rbio> must be NULL as well and the I<server> must be non-NULL.
+The function creates a network BIO internally using L<BIO_new_connect(3)>
+for connecting to the given server and the optionally given I<port>,
+defaulting to 80 for HTTP or 443 for HTTPS.
 Then this internal BIO is used for setting up a connection
 and for exchanging one or more request and response.
 If I<bio> is given and I<rbio> is NULL then this I<bio> is used instead.
@@ -68,6 +69,8 @@ I<bio> is used for writing requests and I<rbio> for reading responses.
 As soon as the client has flushed I<bio> the server must be ready to provide
 a response or indicate a waiting condition via I<rbio>.
 
+If I<bio> is given, it is an error to provide I<proxy> or I<no_proxy> arguments,
+while I<server> and I<port> arguments may be given to support diagnostic output.
 If I<bio> is NULL the optional I<proxy> parameter can be used to set an
 HTTP(S) proxy to use (unless overridden by "no_proxy" settings).
 If TLS is not used this defaults to the environment variable C<http_proxy>
@@ -150,6 +153,8 @@ NULL) to print additional diagnostic information in a user-oriented way.
 
 OSSL_HTTP_set1_request() sets up in I<rctx> the request header and content data
 and expectations on the response using the following parameters.
+If <rctx> indicates using a proxy for HTTP (but not HTTPS), the server hostname
+(and optionally port) needs to be placed in the header and thus must be present.
 If I<path> is NULL it defaults to "/".
 If I<req> is NULL the HTTP GET method will be used to send the request
 else HTTP POST with the contents of I<req> and optional I<content_type>, where
@@ -251,7 +256,7 @@ OSSL_HTTP_close() returns 0 if anything went wrong while disconnecting, else 1.
 
 =head1 SEE ALSO
 
-L<OSSL_HTTP_parse_url(3)>, L<BIO_set_conn_port(3)>
+L<OSSL_HTTP_parse_url(3)>, L<BIO_new_connect(3)>,
 L<ASN1_item_i2d_mem_bio(3)>, L<ASN1_item_d2i_bio(3)>,
 L<OSSL_HTTP_is_alive(3)>

More information about the openssl-commits mailing list